What is faster, routing or NAT?

Question:

I've heard an opinion,WS-C3750X-48PF-L Price  that routing works faster then NAT, but I can't find any information proving this. For example, if I have several NAT connections on my way to the ISP, it will slow web browsing. Is it true?

My second question is about router's recourses. I almost sure that NAT takes more recourses than routing. Confirm it, if it's correct.

Answer:

The concept of "speed", i.e. what is "faster", is somewhat vague, and it is really difficult to compare the NAT to the routing because they fulfill essentially different functions.

Routing is primarily concerned with lookups - trying to find a matching entry in a routing table. Nowadays, in software-based routers, this is done by creating a prefix tree index over a routing table, performing a longest prefix match in this tree and using the located information to forward the packet (Cisco calls this the CEF). Apart from decreasing the TTL in the packet header and recomputing the header checksum, no more work over a packet is required. In hardware-based routers, the lookup is done in specialized hardware and always within a constant time.

NAT is concerned with lookups in the translation table (exact match, as opposed to prefix-based match during routing) and packet modification. In the case of NAT, you peform a lookup into the translation table to know how to modify the addressing fields of the packet header, optionally the segment header, and in several cases, you also inspect the payload to perform L7 NAT (for example rewriting address/port numbers in FTP or SIP communication). Especially if the NAT needs to modify the packet payload, this can get complicated. After all this modification, several checksums have to be updated as well (L4 segment checksum, L3 packet header checksum, possibly L7 checksum if the application uses any checksums itself).

The complexity of the NAT appears to be higher but from the viewpoint of the number of operations when rewriting pure L3 headers in a static 1:1 mapping, there may be fewer operations than if routing a packet over a routing table containing tens of thousands of entries.

What I am saying is that the answer to your question depends strongly on how the NAT and routing code is implemented and how complex the NAT and routing configuration is.

What can be said with certainty - a router performing only routing will be loaded less than a router that performs both NAT and routing. Please note that there is no such thing as a router performing NAT without routing. That is why I find comparing the complexity of the routing to the complexity of NAT to be somewhat inappropriate. You can't have NAT without routing, so why ask which one of them is WS-C3750X-48P-L "faster"?